20 Cybersecurity Guidelines From Experts

Why you should choose to care about online security

Reports show that 70 to 90 percent of cyber attacks are against individuals and small and medium businesses (SMBs).

For every small and medium business (SMB) that has not been the target of a cyber attack, one has been. Yes, 50 percent of SMBs have experienced cyber attacks.

And it makes sense. While breaching a major company might reap major rewards for the attacker, its security tends to be far more sophisticated. That’s not so much the case with smaller businesses. In fact, Endurance International Group’s 2015 Small Business & CyberSecurity survey shows that 83 percent of small business owners manage their cybersecurity efforts themselves rather than have in-house or outsourced IT for the job.

When an attack is successful and a data breach occurs, the typical cost to repair the damage is more than $36,000. Worse still, as much as 60 percent of small businesses crumble within the six months that follow.

But take note: there is a huge difference between being the target of a cyber attack and being successfully breached. What keeps someone in the former group and out of the latter often comes down to simple oversights.

Implement a password policy and multi-factor authentication

It’s tempting to use your dog’s name for every password, but it makes you very vulnerable to cyber criminals. Not only do you need to change your passwords often, you should use different passwords for every site, service or app you use. -Emmanuel Schalit, Dashlane

All companies, specifically SMBs, should implement a password policy for all employees and use multi-factor authentication. The password policy should at a minimum require employees to change the passwords every 90 days and they should always use multi-factor authentication to verify identity. The verification of identities when accessing work files and information is critical. I suggest implementing a solution similar to Okta or PingIdentity. -Ray McKenzie, Founder and Principal at Red Beach Advisors

Two-Factor Authentication (2FA), where users are required to put in a second form of information in addition to a password, like a PIN or security question, allows for only the intended user to access accounts. From password-protected documents and accessing the network to staff’s personal and company accounts on company desktops, adding 2FA to accounts requiring passwords strengthens security. While sites like Gmail already implement this, many password managers also offer this as an additional feature to sites that don’t. -Kevin Shahbazi, CEO of LogMeOnce

Use a password manager

One of the impossible things that people like me tell the world is that everyone needs to have a unique password for each site. If I use the same password on a dozen different sites and services, then it takes only one of those to be broken into for the attacker to have my password for all of them.

Asking people to remember a different password for each site and service is absurd. Nobody will do that. (Ok, I once met someone with an eidetic memory who actually did do that for more than 70 sites.) This is what password managers are for. They remember your passwords for you so that you don’t have to. Once you start using a password manager — and doing so will already make things easier for you — you can slowly start chipping away at password reuse. Sure it will be a while before you get to truly having a unique password for each site and service (I still don’t), but each time you change one password on some site to a new and unique one you are making a real improvement in your own security. -Jeffrey Goldberg, AgileBits / 1Password